Hello,
I am currently trying to install certificates for tls. By this time I have
got some questions:
1) Is documentation in the web docs up-to-date regarding tls server,
client, ca certificates? (actually I have some problems, but maybe this is
due to smth has changed in certtools and was not updated in docs, perhaps
some more fields are needed now).
2) there is a error in virt-pki-validate :
when determining whether host name matches CN name you assume, that CN is
standing in the end. So I get an error:
The server certificate does not seem to match the host name
hostname: "barni"
Server certificate CN: "barni,O=libvirt.org"
CN field is standing at the beginning of line.
Seems that these are the appropriate lines in code:
258 S_HOST=`"$CERTOOL" -i --infile "$LIBVIRT/servercert.pem" | grep
Subject: | sed 's+.*CN=\([a-zA-Z\. _-]*\)+\1+'`
259 if test "$S_HOST" != "`hostname -s`" && test
"$S_HOST" != "`hostname`"